ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > List all tools > List all groups using tool RawPOS

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: RawPOS

NamesRawPOS
FIENDCRY
DUEBREW
DRIFTWOOD
CategoryMalware
TypePOS malware, Backdoor, Info stealer
Description(Trend Micro) Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor’s tools for lateral movement, as well as RawPOS’ components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver’s license information from the user to aid in the threat group’s malicious activities.
Information<https://blog.trendmicro.com/trendlabs-security-intelligence/rawpos-new-behavior-risks-identity-theft/>
<https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf>
<https://threatvector.cylance.com/en_us/home/rawpos-malware.html>
MITRE ATT&CK<https://attack.mitre.org/software/S0169/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.rawpos>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:rawpos>

Last change to this tool card: 24 May 2020

Download this tool card in JSON format

All groups using tool RawPOS

ChangedNameCountryObserved

APT groups

 FIN5[Unknown]2008 

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key